Team Intro The USDS Privacy and Integrated Security team is responsible for overseeing and governing all activities of privacy impacts to TikTok USDS' operations. - We address complex and cutting-edge challenges, aiming to build the world's most trusted social media platform. - We partner with TikTok global legal, R&D, Privacy and Data Protection Office, and security organizations in advancing our privacy practices. - We oversee, govern and support the integration and optimization of operational privacy capabilities including data inventory, data classification, data retention/deletion, and incident response, etc., to ensure scalable and compliant privacy and data protection practices. We seek a highly motivated, experienced, and dynamic professional to join our team. This is an opportunity to work on the most innovative platform in the industry, strengthening security and privacy, in our mission to Inspire Creativity and Enrich Lives. In order to enhance collaboration and cross-functional partnerships, among other things, at this time, our organization follows a hybrid work schedule that requires employees to work in the office 3 days a week, or as directed by their manager/department. We regularly review our hybrid work model, and the specific requirements may change at any time. Responsibilities - Lead, design and implement the USDS framework that oversees and governs Privacy Operations. - Lead the operationalization of policies in USDS business units and operating arms. Drive the development of operational specs and SOPs that are aligned with company policies and standards. Collaborate with global PDPO to ensure alignment with the global privacy compliance framework (PCF). Promote the global framework within USDS operating arms. - Actively support privacy compliance assessments, identifying gaps in the alignment of operations with the global Privacy Compliance Framework (PCF), including privacy controls and safeguards across a broad spectrum of products. - Based on identified gaps, draft and implement necessary policies, processes, and Standard Operating Procedures (SOPs) to formalize privacy practice and improve privacy operations at USDS, continuously improving USDS privacy posture while contributing to the broader global privacy framework. - Build strong relationships with global and US stakeholders. Build rapport with R&D/PDPO and US privacy operations. Champion privacy best practices of global impacts and integrate them into USDS operations. - Support privacy risk assessments with a focus on control implementation. Provide actionable recommendations to mitigate identified risks and enhance privacy compliance. - Lead alignment with global awareness program. Develop collaboration programs/trainings for USDS teams to ensure that they understand the requirements of Privacy Operations and establish a long-term communication channel with critical teams. - Maintain an understanding and awareness of relevant privacy laws and regulations, as well as industry best practices and developments. Representing the company and having the ability to distill and demonstrate company-wide privacy priorities, efforts and their execution in an impactful manner. - Demonstrate empathy towards business and engineering cost considerations while advocating for robust privacy practices. - Engage in special projects and additional responsibilities may be needed as the team expands and capabilities are enhanced.
Minimum Qualifications - 5+ years in privacy/security, auditing, consulting, technical program management or industry equivalent work experience along with Proven track record of managing privacy/security programs and initiatives. - Strong communication and interpersonal skills, with the ability to effectively engage with stakeholders at all levels of the organization. Strong project management skills, with the ability to manage multiple tasks simultaneously and prioritize appropriately. - Excellent fundamental knowledge of industry standards frameworks (NIST Privacy Framework, ISO 27001, ISO/IEC 27701, NIST RMF, ISO 31000, IAPP guidelines, etc.) and a thorough understanding of the laws and regulations of important countries, such as GDPR, CCPA, COPPA, etc.. - Familiar with PIA/DPIA methods, and able to propose practical and feasible privacy controls based on the results of privacy risk assessment, with considerations on business processes, technical solutions and capabilities. - Must be able to adapt to the people, process and technology complexities in a large enterprise. Preferred Qualifications - Software/Security/Privacy Engineering background in a large global enterprise - Proven track record of delivering ambitious programs/organizational change in a technical audit or privacy field. - Relevant certifications in Security/Privacy, for example: CISSP, CRISC, CISA, CIPP/E, CIPM are a plus.
Read Full Description